Versions Compared

Old Version 58

changes.mady.by.user David William Botsch

Saved on

compared with

New Version 59

changes.mady.by.user David William Botsch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
[capaths]
CIT.CORNELL.EDU = {
    CNF.CORNELL.EDU = .
}

GUEST.CORNELL.EDU = {
    CNF.CORNELL.EDU = .
}

CORNELL.EDU = {
    CIT.CORNELL.EDU = .
    CNF.CORNELL.EDU = CIT.CORNELL.EDU
}

Windows

  1. If you are upgrading from a 1.5.x or earlier version of OpenAFS, first remove any AFS drive mappings.
  2. d/l MIT Kerberos for Windows (32 or 64-bit, depending on your windows os install) 4.0.1 from http://web.mit.edu/kerberos/dist/index.html
    1. Do a Typical install
  3. d/l 1.7.x MSI client installer (for Managed installations) from http://www.openafs.org/windows.html 
    1. If installing on 64-bit Windows, you will also need the 32-bit tools package. Install this doing a "Typical" install.
  4. Set your computer not to go to sleep unless installing 1.7.x
  5. run the openafs installer
    1. Select a Custom install
    2. Accept the defaults for which components to install unless...
      1. If installing 1.7.x, you will need to install the "Authentication" component -- not enabled by default in 1.7.x.
    3. Change the cell name from openafs.org to cnf.cornell.edu
    4. Accept defaults on the rest of the screens
    5. Don't yet reboot (when prompted by the installer)
  6. Run the attached .reg files to set OpenAFS registry settings
  7. Copy the attached krb5.ini to c:\ProgramData\MIT\Kerberos (on XP, instead use C:\Documents and Settings\All Users\Application Data) overwriting the krb5.ini file that may be already there
    • NOTE: If your organization also uses Kerberos, you will instead want to merge in the CNF krb5.ini with your organization's krb5.ini .
    • Your local tech support or CNF Computing support can help you with this.
  8. Firewall Configuration - Under Windows XP and newer, we recommend that you just use the built-in Windows firewall. For other firewalls: SYMANTEC - If the Symantec Client Firewall is installedIf you are using a firewall other than the built in Windows firewall, you will need to add a rule allowing all traffic to/from 10.254.254.253
    • If, during the Symantec configuration process, you get a popup window about a script error, you have two choices:
      • Reinstall Symantec - this MAY fix the problem
      • Disable the Symantec firewall and enable the Windows firewall - consult CNF IT staff for help on doing this
      • If you would prefer to continue using the Symantec Client firewall, follow the below to allow AFS to work:
          1. Open Symantec Client Firewall
          2. Client Firewall - Configure
          3. Advanced Tab
          4. General Button
          5. Add a rule
          6. Permit
          7. Connection to and from other computers
          8. Only the computers and sites listed below: Add 10.254.254.253
          9. TCP and UDP and All types of communication
          10. Don't log anything
          11. Name the rule AFS Loopback Rule
          12. Check All Locations
          13. Finish
          14. Find the rule in the list of General Rules (it will be at the bottom) and repeatedly click "Move Up" to get the rule to the top of the list
  1. open incoming UDP port 7001. 
  1. NOW, REBOOT. After rebooting, your firewall may prompt you to allow the various afs applications access to the network. You should choose to Always Allow these.
  2. OPTIONAL, set up a drive mapping (must be done AFTER REBOOTING)
    1. Right click on My Network Places
    2. Map drive
    3. To follow the CNF convention, set the drive letter to X
    4. Set the path to \\afs\cnf.cornell.edu
    5. Choose to Reconnect the drives
    6. Done

...

  1. Install the Mountain Lion krb5.conf file to /private/etc/krb5.conf
    1. The /private/etc folder is hidden... to get to it from the Finder...
    2. From the "Go" menu choose "Go to Folder"
    3. Type in /private/etc
    4. You can now copy the krb5.conf file over... you will be prompted for administrator credentials
  2. Install the Mountain Lion edu.mit.Kerberos file to /Library/Preferences/edu.mit.Kerberos
    1. You may first have to delete any existing edu.mit.Kerberos file (Finder may not let you overwrite the existing file)
    2. The deletion operation will require typing in an administrative username and password
    3. Copying over the new file will require typing in an administrative username and password
  3. Download OpenAFS 1.6.5 or greater from the openafs.org website (10.7 / 10.8) OR Download 1.6.5.2 for Mavericks from this link (10.9)
  4. Run the OpenAFS package installer
    1. Specify cnf.cornell.edu as the cell name and cnf as the cell alias
    2. No reboot is necessary (unless you are running Mavericks, Mac OS 10.9) - AFS will start running when the installer finishes
  5. TO show the AFS icon on the Desktop...
    1. Finder - Preferences
    2. General tab
    3. Check "Connected Servers"
  6. Download the gui AFSTokens app for SnowLeopard (afstokens-64bit.zip) from https://forge.cornell.edu/sf/projects/afs_tokens 
    1. File Releases tab
    2. The AFSTokens app is no longer maintained, but is still the best way to obtain AFS tokens.
    3. Obtaining tokens works under the latest version of Mac OS X Mavericks. However, deleting tokens crashes the app.
    4. Renewing existing tokens does not work. You must first delete any AFS tokens and Kerberos tickets by running the following two commands from a Terminal prompt commandline:
      Code Block
      
 unlog

 kdestroy
    5. Viewing your AFS group membership works under the latest version of OS X Mavericks.